Edit tour

Windows Analysis Report
https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDX

Overview

General Information

Sample URL:	https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnD
Analysis ID:	1431005

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1964,i,6565237022514382847,2558898425133364238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

Acrobat.exe (PID: 1484 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\IPKGELNTQY.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2396 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5464 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1584,i,16493858501410252826,12361641648931769759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.131:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49722 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13

Source: unknown

DNS traffic detected: queries for: u43957641.ct.sendgrid.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.131:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49722 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@32/32@6/108

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-01-06-381.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1964,i,6565237022514382847,2558898425133364238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1964,i,6565237022514382847,2558898425133364238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\IPKGELNTQY.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1584,i,16493858501410252826,12361641648931769759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 072A012005C0693B4CA4BD2CD7F530DE
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1584,i,16493858501410252826,12361641648931769759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D	0%	Avira URL Cloud	safe
https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D	2%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
091.it-mil-1.linodeobjects.com	1%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.141.103	true	false		high
u43957641.ct.sendgrid.net	167.89.123.147	true	false		high
091.it-mil-1.linodeobjects.com	unknown	unknown	false	1%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
167.89.123.147	u43957641.ct.sendgrid.net	United States	11377	SENDGRIDUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.251.2.84	unknown	United States	15169	GOOGLEUS	false
142.251.2.138	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.2.139	unknown	United States	15169	GOOGLEUS	false
142.250.101.94	unknown	United States	15169	GOOGLEUS	false
34.193.227.236	unknown	United States	14618	AMAZON-AESUS	false
142.250.141.103	www.google.com	United States	15169	GOOGLEUS	false
172.232.192.101	unknown	United States	20940	AKAMAI-ASN1EU	false
74.125.137.94	unknown	United States	15169	GOOGLEUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.206.4.165	unknown	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.17
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431005
Start date and time:	2024-04-24 12:59:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@32/32@6/108

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.139, 142.251.2.113, 142.251.2.102, 142.251.2.138, 142.251.2.101, 142.251.2.100, 142.251.2.84, 34.104.35.123, 172.232.192.101, 172.232.192.104, 172.232.192.103, 172.232.192.105, 172.232.192.99, 172.232.192.98
Excluded domains from analysis (whitelisted): it-mil-1.linodeobjects.com.akadns.net, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2156

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.335675271083342
Encrypted:	false
SSDEEP:
MD5:	21C2897AF61008642F5447F04E9F720F
SHA1:	5DB15007DFD99D2C8BA52ED6A9CA367BFB82FCEE
SHA-256:	7D687A5B42C9B0C87B1CAF5CDF52CB20EEA6BD77E4C8D38AE680581BA6D4FCCB
SHA-512:	63FF37F2ED47A2AD1532AC1266216A88F7BE133060C79AA72EECA5633313D25A4932BF6F46E03916B21768AD5B2FD04F01FCB33A473C9A44C63C9E025A465F4E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2812323064839815
Encrypted:	false
SSDEEP:
MD5:	AD540C09C742E3AB5735F5C1801982E5
SHA1:	2683B3D015D98F4CC4259B7FC3BC6F359725D02F
SHA-256:	8285F013EC0E42DF6CE024A436BFB853F48A77D8ACCC39B2D791F86CBCAE36B3
SHA-512:	D75E1BFBAC79004C717497C9EB83CB4D5C9903FAC30CE3C47E6B6ECA77FD1402596444AA895639B5625E5CFB092A86CA3C5B94867B83E1A105826E98D1608807
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.258993376855807
Encrypted:	false
SSDEEP:
MD5:	89E7563CFC6780700F2CB179D82C4A0E
SHA1:	37F8D89C9CAFDF9B87FFC488BEA03C3255593521
SHA-256:	A784F61928AF5D2D8DCE891DED2DEEAA576D8C4D73660A0CF08398E9A48FA1F9
SHA-512:	8CDE3F98E93394E0FCB8585CBCEAE103F82DE63866312AC1D8BF7A5AC62A0F4B1E1156CBFC833BC0B6B97D0292A02112BA4908106C2244A69A7EE0E09A79B31D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.320800242031623
Encrypted:	false
SSDEEP:
MD5:	E20712D97F30458A7D9E9F4D89B8130F
SHA1:	CB8A4F2AF4937CA7BB46174509AFE0AF786C8F28
SHA-256:	760C78EF9DF42440EC62AB20AC533AE09A6FA15D8D10F8579A39F3DAD9866569
SHA-512:	C847CE0B5ACD183B54AD6EA45B95BB6D1EE4E9FFA6D9C66AE0FC9B818F3808CCF1CB540DACA290837164D3254421222713B452EB5283ECAE041971D38B2B2FC6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.282774554271022
Encrypted:	false
SSDEEP:
MD5:	1FAAFD2FF627F891BCBB703DE8F44118
SHA1:	AD59E0CC455A9D6DE08606EEA56511321F6AEF67
SHA-256:	1AC0AB26B5EADAD96F99DD38FE149605A8A9126FE939C168BDC6FCB379F0D390
SHA-512:	1DCEA601EADEAEEAED79765F45E8B29348A3006DFCC39149938F09215E15063F9DCD779795A7BD82A56A41CFA2F27BECDE9CA8632620C4BA4789F82EAA1BBA38
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.267881790759336
Encrypted:	false
SSDEEP:
MD5:	0A5040FE6215C5FA09CAA65F102B82F0
SHA1:	B1AFCBB44D90C1EC89B1BAEE6359B5CAEBCFE557
SHA-256:	33697B1C7E434A065EB870AE590D9AD8E659B5207439572D525FBF2299121D40
SHA-512:	EAB832A42176771B51AE0484F11CA75B05D26C8CE7BC4E4A888104F6AFD7FE7BD907ACF136016C88F1D1D42B9BB623591F9D38E47B5A1175CC6B75AFB43318CF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.270010756851178
Encrypted:	false
SSDEEP:
MD5:	426112BB51C41A400A4A5CC4A4C1C672
SHA1:	403C3D559084C3C31CA336D7CCFEEED19F55D7CC
SHA-256:	B90E5A512B07E3C6EF15E1BF55A30FBE79CE1EA6EABA207BECEE69182EB51EB6
SHA-512:	B01F3B23243EE09D5DBC79C4EDA205F23366169089E01C687B342C5A180632942D179F06C538DFD255A738B9F8957EAA1FA48E26C47401ADA230C0A74AB78674
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.278681445537949
Encrypted:	false
SSDEEP:
MD5:	36040BAA8F29277C7E6F1D52797FEACB
SHA1:	E6EFC3BE998ADC5FC1EFDBCE7487AA221C124F62
SHA-256:	23B9FBBBB1819D575792BAFC66E83D468F571740A5B2EEFDA6FD62FB6CB91894
SHA-512:	4CB8DF3F8FBE7687573EDAB2627882C0737F269131C5C7C1092DB9087FB4911D13F77C6F157AA696319233CF3BFFB2E3CD5EA9727A1342F11A94269BD9A77558
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.737811795972258
Encrypted:	false
SSDEEP:
MD5:	189D25F0E5C4A6241C20B66AC3A57FFC
SHA1:	1ECD78900D7E3F8D58041C4F5F59474B046BC784
SHA-256:	2912D4AB4F4378483375D324592D6CF691B8793C05156E22EADF2B0FB0DE42A8
SHA-512:	441E0988104D061E0701DDDD2712CCB326229BC8C925B30A65E3679DA7E79617571DDECFA682F9A3FCF37CA7EDA83C919159CB3691EFBD75CF6CC138F5C4F4B4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.275669042354409
Encrypted:	false
SSDEEP:
MD5:	F393CD979990A43C2BF30EF5651B045C
SHA1:	0A41F7CFDCFD5CA8E9C6791C57C33EB55B55D5B8
SHA-256:	0781594FFF5E76CA98F8A70C2A663BFB19369658A4DC4479DC93DEC8D3FCA7C8
SHA-512:	C7E37E4EBFA1834CD28215B830348878548CB39A2779FD0F9AC1C746A11E92051F9740680614B239FC33893C6D1FE14712DF7F989CEC64540AD5FC3AB05C9457
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.775693586319366
Encrypted:	false
SSDEEP:
MD5:	117BC6A9B5E05CF1DB01C110DD1E186B
SHA1:	2A46D8BFC62448690EE1184B1BBD97B3740CF243
SHA-256:	D28B29946545A9D9575453E21B2B264D46B1CF7A377EE2ECB934C4385C166A4A
SHA-512:	B0DA5A4A1E394D8E5296CF28654E0079AF621A6DE1EC7B61960B6DC960CC7C0422FE2E7278DD4147CB106CB4D622AA3A7C59D6CD3476C739A00015A5AA10C252
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.259383363104873
Encrypted:	false
SSDEEP:
MD5:	BC16BE676FB6D3C990399903F80A0E02
SHA1:	CAB1428EEF528A18B2A789C5570CDDFA8C87370D
SHA-256:	33AF936E38B24B8CEACCACDB69DA960500A30873012600152107D75A28D22E16
SHA-512:	554A1913B2F14530A0DE75237377DA000A9E5860E84C81AB4CF5025842A583212DC8E207A0FE326EE088A9816CF0DBB2E4F80ACE9153AE49B5C1DBCD51EFEDB8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.261559773687141
Encrypted:	false
SSDEEP:
MD5:	A337A6DB57F83E3BCAD5F9276472D844
SHA1:	3A1774E99A3BE70423692BC00E25E0B52737B092
SHA-256:	236DBC73A1CA44541E9C40E3B396CB089501FDA77D58F52E4F35DCD430DD3E6A
SHA-512:	6F782462B31C6659A4A75ABFD59AB8106C33C33F09F6ACF03240994A27A099C3392BB8F5E5459EDBD8FEB96C29DADBAC4A9C75004E4EBA03081DC684AAF59B63
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.282504171112556
Encrypted:	false
SSDEEP:
MD5:	0644BA8AD5347579ABE98174B741E626
SHA1:	5264AF4BD344C5C8E741083162A2DEB47977CFE1
SHA-256:	2CADA9F919AD8194C05709E27A8963999383EBE5E0DCEB0B7CEE991FE2A8D873
SHA-512:	2BDA625A1C39E367684F65B9E5E5D1A8663428096C87A0AC8D93A752D95C51A6EB159E4BFCC97999E00A61FFC47B3544855B80C6D56F0E4C1BC63B79AB437115
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.236265072053378
Encrypted:	false
SSDEEP:
MD5:	AF42BB47CDDAB3889ECAE5AED760EA7A
SHA1:	43FC7D7E4E334E0167AC5828CB7F11685ADBA9D4
SHA-256:	2D03B8677CB78B68F7B0B474BEF76E2A788A7F2141817258A9489A8F41ACB2F7
SHA-512:	1978A2C425DE4E40D455AC33F39B60B40B8E9E93C69C2A70FABC26437FEFA6AF77B88BE807D69AD1453658C4AEEE80D8274955ED319924FAE0959D87969387CF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.363305196910238
Encrypted:	false
SSDEEP:
MD5:	0A5ACA6CFD6E98DEE012FAD4144E4827
SHA1:	1D7E8067CC0ACBBCB347571190B8E71F080EA591
SHA-256:	8234F5FA02DE643C8C33B3E3E4EA4B8E7326C0DAFF07EC5928C418E6DAC83314
SHA-512:	1FB53DC268FC3C09474BC884B0CC10E7BCF92A2FA7B56AB82440DA42DF416545A36BD50E57A030D50C0346E28568DD0F484989EB7FD14D217099B6163F0290B7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"cdaf18cb-09e8-4d85-ba6c-e1a6cb6a41a6","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1714131386853,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713956471884}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.137479024394808
Encrypted:	false
SSDEEP:
MD5:	9A100C76D254D209717746DF310E550C
SHA1:	74394CBC1DC9AA59F7B7ADCA5973EBB380ABDEC8
SHA-256:	DB620764DF1F623D0144DC7EAAC22D2B558301BF481B8D02915C0922E5718A91
SHA-512:	045C8CEA443C55E75D06B11566709AA0DE4F737BC71C6C4EDBC6A90F3A1551B7E1FD7411527608825A26D84426801E7664D4B58617963D85D644DCDB1F62A510
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e3583e2cbc82101ff60f22a85cd1c3d0","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713956471000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"82a06565c24912b25883e940e282057d","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713956471000},{"id":"Edit_InApp_Aug2020","info":{"dg":"07fedd94641b963cb528605fa9c089eb","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713956471000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"13e2a821aee18b69e3f219517be0e435","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713956471000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"055832758fa5a26e7c2bce1b98d3b1d7","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713956471000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"d62b41b1165f0f8226e1ff5a028c371b","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":289,"ts":1713956471000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.355786626452215
Encrypted:	false
SSDEEP:
MD5:	9771F66F209D836D482EC863C4197025
SHA1:	4E518EFC7B94FE95780F14A40A4271667C83CD9A
SHA-256:	03864A45990EFBCEBE8959A81C4AAFA54E0552E5ED1D98324A4598626EB065BC
SHA-512:	7E9AA1C45BE3C12F9FEC11D729E5373E5961B4ACF18110390A669239E3FD67763EC0614C307D6F298B877D2B3A2A55C6B36AC4AC1EA18D8913B62AE5F8F377F5
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.829034673814279
Encrypted:	false
SSDEEP:
MD5:	AB66AB78BFEA715695C36F57A63E55D0
SHA1:	EC83748021074A228B63ECFDDCD5BDA090426AD4
SHA-256:	E88EC703D4526BFBE07DBAF3EC3A200428E53ED79DE23ED506FA8F113B22D300
SHA-512:	78CBFCFA9D0424166CC88B4C0F33858569E5335B91AB7253E92866BC67A88D9919BA80684EF8B57B9246923B0DE87D81A5A7006B65CCAA03AD945D9858F96292
Malicious:	false
Reputation:	unknown
Preview:	.... .c......v........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI27751.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.4973455600014702
Encrypted:	false
SSDEEP:
MD5:	8F0BF37D16A9F1B72F39DADC42206B68
SHA1:	C1D0DAB5E940E59B0B2F83AE9BB61B9FFA72DD82
SHA-256:	ABF757EF15BB75107B00A8577D799938AD147F4FEA57AE5647F84ECB6DA4B309
SHA-512:	2959F6A6353CEAA1CFAA0BE9A0F1FA21F618674F1FC3797D9CFC21F854EDAB69446CC6C680DD277D99A4DB380281C7B7D107C530783F725013FD91F184DF7F79
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.3.:.0.1.:.1.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-01-06-381.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35814
Entropy (8bit):	5.41541745246144
Encrypted:	false
SSDEEP:
MD5:	6341301DDE6CB593987B0F9BE8AD19BB
SHA1:	40B9A47A2CD66F03A5617C11065F4421B12A8010
SHA-256:	1C830C4CD63A1E7BBF2208FCA2F890654FD2EB541D61E91422DA0A4649B20C5F
SHA-512:	562828D15485273CF3DF28EE93A214AF42A5AE1DF28618E5B47C212BCC401BB149D87541FF67ADC57F207D147FF72F0ADEB9B365DD65F03BC6D05B2AA7E625AE
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980600513848613
Encrypted:	false
SSDEEP:
MD5:	B96FDB817D028E97B4FACC9D5EE0D618
SHA1:	53DF64DF2B0FEAAB7C78162AE2EFAD2D1E1805F9
SHA-256:	C696586538AA2189AEAA2EAFDC4594D06987F07FA65E17F45469C8633666642E
SHA-512:	138328D2E46440F2A2917831212D0120C05A86E43F4C602EE1C2C2FB4FD8C50234AA0D550004063A6A0861EB345DB123234BEE801A9051E2714BD1A3B7716A8B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....o+.6.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XnW....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtW....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XtW....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XtW...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XvW...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9980859387306316
Encrypted:	false
SSDEEP:
MD5:	40D79575CA77D797CF5905BBFAA6DA7F
SHA1:	566E3FF0FBF979B57DDA03EE55C1DEE83E432429
SHA-256:	840E695EF58D2357E0CE79ABEF70E954C5633089732A850C89EE99242FD11F91
SHA-512:	FC00D9A97D1BC01BE6926F5FE6D457FDDD38F4772C934171C3FB7297F444628CB21656C034C7D5A93859C4DF992E182B2CE40D68308350B9AA9DF8BCB37AC2F4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......6.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XnW....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtW....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XtW....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XtW...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XvW...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.006500720480231
Encrypted:	false
SSDEEP:
MD5:	76F9DEAAD8CB85015D9D450C97465C61
SHA1:	FE3D069B90F34662D77FCD8F23DD47B46DD7D572
SHA-256:	CA3E531A913DBB364EBDC91F2C59F454357DFAE0FD1ECED9B78F295E0FF10F9A
SHA-512:	C3830516E3F7DE8060422B3CDE06407A7C0AB28AA90DDB96BC617A7192DBA154BCA0BB907BD09D2E4069485D19B0176B274E4013BE659A207D9D53FE13016236
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XnW....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtW....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XtW....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XtW...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.998216286365906
Encrypted:	false
SSDEEP:
MD5:	FBE4C91EE9F87FE493F911BC09DD7774
SHA1:	CAFA76F7423BB1EF748637696A6247C1E59BC4AC
SHA-256:	4FC21BF1C98978BD5EC0FD3DDF0F6313DB984BAA27EA1672731C846CF9149477
SHA-512:	92D269C32E6DEA93B8D875A8F45E0E396445FD33666B3A587FA75CFAD514F3FD47AE14DE91AD66E9E800486D13C1BC01B0B47A3D01B422F652BB5B03B9CEA96D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......6.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XnW....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtW....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XtW....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XtW...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XvW...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.986770205605966
Encrypted:	false
SSDEEP:
MD5:	8D5F9A16701F2EE5C5F67488D36F2463
SHA1:	FDC724DBBF2185F6CE653AAA22F0657852DFEF6A
SHA-256:	FB8E83D22E171014B3F0E5F87FFC58AFA10C98A49376FAF101B30720D08F2679
SHA-512:	D62AC1EB7DB8FDEBBD0FE4981A057C5426FE0153C7396C17E1EE3BE08A49A6FB39E2AFFD4F52D7B6B2FB9CF336FBC4DF76017BE9240641195B114F0E92699C91
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,..../..6.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XnW....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtW....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XtW....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XtW...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XvW...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9993705579388554
Encrypted:	false
SSDEEP:
MD5:	D886DA051009700A7853D711B1A7CE4E
SHA1:	624435F1E5D78B42F761E9AFAC7BDD4317AFD068
SHA-256:	8A5BA529EDFA383EE85035D9E984E519BBD8F36DCFCE665001B22A74C38CFDDE
SHA-512:	D97BDE0CE0392C09A137C9064D37064D7B8339E7E15191363DBC5F703CF32633C1E4B31A29A91A4C1E25896E575133757C36C3FD2E5C91C84F042387D483A51E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......6.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XnW....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XtW....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XtW....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XtW...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XvW...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	221
Entropy (8bit):	5.125080156870459
Encrypted:	false
SSDEEP:
MD5:	C3EF1304CA515A33205663A6F503622F
SHA1:	530CE1BBB078BD34BB85FE840DC275A348C4D5CF
SHA-256:	6B8D55B46B85455B882BE4623F516EE666855B524FC7E011DC2CC1AC00B50429
SHA-512:	B6E955C90CDC8E3613D1BF8852FA8C0B2D71DB419753EEDF2EE5D776EC8DA07972C2189BDD3BCE5830C1B9C6F37AE51E2149E02F72458A09BDD85726BBACF8D6
Malicious:	false
Reputation:	unknown
URL:	https://091.it-mil-1.linodeobjects.com/g.html
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><BucketName>091</BucketName><RequestId>tx000007ead677bda162806-006628e61f-2ab8dfa1-default</RequestId><HostId>2ab8dfa1-default-default</HostId></Error>

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	221
Entropy (8bit):	5.22369272806993
Encrypted:	false
SSDEEP:
MD5:	FA3028D71155B00FDCB33174A0082D51
SHA1:	2850CDF9084452AAAE9E95CA566F2598F638596F
SHA-256:	63C015BC6D24E8F36CC6CE8E2411513E67294863D17AAE1BFA4F558DE5748034
SHA-512:	C8EE61FD985996F23E8A975A9285E80947CA2CC60D30EF62D13150A97936D4916607F9F0E124EB029C383F61B1873987CF75F3E5BE3552C2F933B76E64EDDEF5
Malicious:	false
Reputation:	unknown
URL:	https://091.it-mil-1.linodeobjects.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><BucketName>091</BucketName><RequestId>tx0000087b2f5494d4198d5-006628e621-2a3aa56c-default</RequestId><HostId>2a3aa56c-default-default</HostId></Error>

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2156

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI27751.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-01-06-381.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Static File Info